Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-5474

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 weeks ago

NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-355078 | NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow vdb-entrytechnical-description
VDB-355078 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #781950 | NASA cFS 7.0.0 Heap over-read via untrusted CCSDS length in TO_LAB sendto third-party-advisory
https://github.com/nasa/cFS/issues/952 issue-tracking
https://github.com/nasa/cFS/ product

Affected products

cFS

==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

nixos-unstable 1.6.5
- nixpkgs-unstable 1.6.5
- nixos-unstable-small 1.6.5
nixos-25.11 1.6.5
- nixos-25.11-small 1.6.5
- nixpkgs-25.11-darwin 1.6.5

pkgs.cpcfs

Manipulating CPC dsk images and files

nixos-unstable 0.85.4
- nixpkgs-unstable 0.85.4
- nixos-unstable-small 0.85.4
nixos-25.11 0.85.4
- nixos-25.11-small 0.85.4
- nixpkgs-25.11-darwin 0.85.4

pkgs.encfs

Encrypted filesystem in user-space via FUSE

nixos-unstable 1.9.5
- nixpkgs-unstable 1.9.5
- nixos-unstable-small 1.9.5
nixos-25.11 1.9.5
- nixos-25.11-small 1.9.5
- nixpkgs-25.11-darwin 1.9.5

pkgs.lxcfs

FUSE filesystem for LXC

nixos-unstable 6.0.6
- nixpkgs-unstable 6.0.6
- nixos-unstable-small 6.0.6
nixos-25.11 6.0.5
- nixos-25.11-small 6.0.5
- nixpkgs-25.11-darwin 6.0.5

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

nixos-unstable 1.9
- nixpkgs-unstable 1.9
- nixos-unstable-small 1.9
nixos-25.11 1.9
- nixos-25.11-small 1.9
- nixpkgs-25.11-darwin 1.9

pkgs.cfspeedtest

Unofficial CLI for speed.cloudflare.com

nixos-unstable 2.2.1
- nixpkgs-unstable 2.2.1
- nixos-unstable-small 2.2.1
nixos-25.11 1.4.1
- nixos-25.11-small 1.4.1
- nixpkgs-25.11-darwin 1.4.1

pkgs.cfs-zen-tweaks

Tweak Linux CPU scheduler for desktop responsiveness

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.3.0
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.ocamlPackages.cfstream

Simple Core-inspired wrapper for standard library Stream module

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2
nixos-25.11 1.3.2
- nixos-25.11-small 1.3.2
- nixpkgs-25.11-darwin 1.3.2

pkgs.python312Packages.cfscrape

Python module to bypass Cloudflare's anti-bot page

nixos-25.11 2.1.1
- nixos-25.11-small 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.python313Packages.cfscrape

Python module to bypass Cloudflare's anti-bot page

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1
nixos-25.11 2.1.1
- nixos-25.11-small 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.python314Packages.cfscrape

Python module to bypass Cloudflare's anti-bot page

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1

pkgs.ocamlPackages_latest.cfstream

Simple Core-inspired wrapper for standard library Stream module

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2

pkgs.python312Packages.macfsevents

Thread-based interface to file system observation primitives

nixos-25.11 0.8.4
- nixos-25.11-small 0.8.4
- nixpkgs-25.11-darwin 0.8.4

pkgs.python313Packages.macfsevents

Thread-based interface to file system observation primitives

nixos-unstable 0.8.4
- nixpkgs-unstable 0.8.4
- nixos-unstable-small 0.8.4
nixos-25.11 0.8.4
- nixos-25.11-small 0.8.4
- nixpkgs-25.11-darwin 0.8.4

pkgs.python314Packages.macfsevents

Thread-based interface to file system observation primitives

nixos-unstable 0.8.4
- nixpkgs-unstable 0.8.4
- nixos-unstable-small 0.8.4

pkgs.azure-cli-extensions.managedccfs

Microsoft Azure Command-Line Tools Managedccfs Extension

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.python312Packages.python-linux-procfs

Python classes to extract information from the Linux kernel /proc files

nixos-25.11 0.7.3
- nixos-25.11-small 0.7.3
- nixpkgs-25.11-darwin 0.7.3

pkgs.python313Packages.python-linux-procfs

Python classes to extract information from the Linux kernel /proc files

nixos-unstable 0.7.3
- nixpkgs-unstable 0.7.3
- nixos-unstable-small 0.7.3
nixos-25.11 0.7.3
- nixos-25.11-small 0.7.3
- nixpkgs-25.11-darwin 0.7.3

pkgs.python314Packages.python-linux-procfs

Python classes to extract information from the Linux kernel /proc files

nixos-unstable 0.7.3
- nixpkgs-unstable 0.7.3
- nixos-unstable-small 0.7.3

pkgs.tests.testers.runCommand.nonDefault-hash

None

nixos-25.11 hvd21cfs9hxr
- nixos-25.11-small hvd21cfs9hxr
- nixpkgs-25.11-darwin hvd21cfs9hxr

Package maintainers

@katexochen Paul Meyer <katexochen0@gmail.com>
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>
@stepbrobd Yifei Sun <ysun@hey.com>
@colemickens Cole Mickens <cole.mickens@gmail.com>
@mbrgm Marius Bergmann <marius@yeai.de>
@spacefrogg Michael Raitza <spacefrogg-nixos@meterriblecrew.net>
@aanderse Aaron Andersen <aaron@fosslib.net>
@megheaiulian Meghea Iulian <iulian.meghea@gmail.com>
@jnsgruk Jon Seager <jon@sgrs.uk>
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
@bcdarwin Ben Darwin <bcdarwin@gmail.com>